Ransomware epidemic - are you prepared?
Posted on March 20, 2018
According to recent studies, more than 4,000 ransomware attacks happen daily, infecting around 30,000 - 50,000 devices every month. So it’s fair to say that these ransomware attacks, along with their exponential increase over previous years, are now of epidemic proportions. There are many steps you can take to protect your organisation from these cybersecurity attacks and avoid system downtime.
What is ransomware?
First unleashed on September 5, 2013 under the name Cryptolocker, ransomware is a type of malware. It completely blocks access to all files and systems, often quickly spreading through the corporate network, until a ransom is paid. Other variations threaten to delete files if the ransom isn’t paid within a certain amount of time. Hackers promise to hand over a decryption code upon payment, which is usually demanded in untraceable bitcoin or another cryptocurrency.
To understand the scope of the problem, you only have to look at the figures. In 2016, US$850 million was paid out in ransomware attacks, up from US$24 million the previous year. However, the biggest impact on business is not the amount of ransom paid but the business downtime caused by these attacks. Another report states infected businesses lost access to data for two days or more.
And of those organisations which did experience an attack, almost half reported data or hardware loss - whether or not the ransom was paid. So it makes sense to do everything to avoid an infection in the first place.
Who the epidemic targets
No industry sector is immune and companies of all sizes are targeted.
The Office of the Australian Information Commissioner (OAIC) reports that the most targeted sectors in 2016, after Australian Government websites, were finance, including superannuation companies, health service providers, retail and online services.
Recent statistics do suggest that attackers are shifting away from high-volume infectious email campaigns to more tightly targeted, customised attacks aimed at larger, well-resourced companies. These attacks have a high success rate, with over 70 percent of companies targeted by ransomware attacks successfully infected by malware.
The most popular and successful infection vector for cyber criminals is still via email. It means that an organisation can have the most expensive and best security in the world, but one wrong click by an employee and that security means nought.
Cyber crimes and ransomware delivery modes continue to evolve, however, so malware can also be delivered via malvertising, drive-by downloads and malicious URLs.
How to protect your organisation
With careful strategies, much of the pain of ransomware can be avoided.
- A good start is to work with always-on protection such as Cloud Firewall. This sort of security protection can cover up to 50% of issues before they even hit the corporate network. It means resources are freed up to deal with the more niche, targeted threats.
- Ensure all operating systems and processes are up to date and patched where appropriate. Some older systems, such as Windows Server 2003, may no longer be supported even though they are still widely used among businesses.
- After a strong, up-to-date firewall, education is key in preventing an initial infection. Educating employees to identify malicious emails or links, particularly as attacks become more customised and targeted, is essential. An educated employee can also help to contain the infection by closing their computer and removing it from the network quickly, therefore becoming part of the solution, rather than part of the problem.
- Employees also need to understand the dangers of dealing directly with cybercriminals. Companies cannot let a lack of knowledge or sense of shame drive their employees to consider the option of paying a ransom themselves. This often makes little difference to the outcome regardless.
- While some larger organisations are looking to solutions which use machine learning and behavioural analytics to block ransomware, it's a solid strategy to assume your network will be infected and to prioritise your response and recovery. A comprehensive data management strategy which includes cloud backup is imperative. Should an infection take hold of corporate infrastructure, loss of productivity can be minimised with systems and files restored within minutes, without even considering paying the ransom.
Speak with Vocus on 1800 032 290 if you are concerned about your current security measures, and ensure your organisation’s measures are always strong and up to date.